Give two examples of diverse, redundant activities that might be incorporated into

13.8. Give two reasons why different versions of a system based around software diversity may fail in a similar way.

13.9. Explain why you should explicitly handle all exceptions in a system that is intended to have a high level of availability.

13.10. The use of techniques for the production of safe software, as discussed in this chapter, obviously includes considerable extra costs. What extra costs can be justified if 100 lives would be saved over the 15-year lifetime of a system? Would the same costs be justified if 10 lives were saved? How much is a life worth? Do the earning capabilities of the people affected make a difference to this judgment?
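One concrete illustration of the problem behind 13.8, added here as an example and not taken from the book or the papers it cites: three stylistically different versions of a rounding routine are combined by majority voting, but all three rely on the same runtime rounding primitive, so on a half-unit input they fail identically and the voter cannot detect it. The specification, the version functions and the dose values are constructed assumptions.

```python
"""Added example: majority voting over three 'diverse' versions, showing a
common-mode failure. Constructed; not from the book or its references.
Assumed spec: round a dose to the nearest whole unit, halves rounding UP."""
from collections import Counter
from decimal import Decimal, ROUND_HALF_UP
import math

# Three versions written in different styles. All of them, however, fall
# back on the shared runtime's round(), which rounds halves to even.
def version_a(dose: float) -> int:
    return int(round(dose))

def version_b(dose: float) -> int:
    whole = math.floor(dose)
    return whole + 1 if (dose - whole) > 0.5 else int(round(dose))

def version_c(dose: float) -> int:
    return int(round(dose, 0))

def reference(dose: float) -> int:
    """Oracle implementing the assumed spec exactly (not one of the voters)."""
    return int(Decimal(str(dose)).quantize(Decimal("1"), rounding=ROUND_HALF_UP))

def majority_vote(results):
    """Return (value, agreeing_count); raise if no value has a majority."""
    value, count = Counter(results).most_common(1)[0]
    if count * 2 <= len(results):
        raise RuntimeError(f"no majority among {results}")
    return value, count

def run(dose: float, versions=(version_a, version_b, version_c)) -> dict:
    results = [v(dose) for v in versions]
    voted, agreeing = majority_vote(results)
    expected = reference(dose)
    return {
        "results": results,
        "voted": voted,
        "agreeing": agreeing,
        "expected": expected,
        # A unanimous wrong answer: the voter has nothing to disagree about.
        "masked": agreeing == len(results) and voted != expected,
    }

if __name__ == "__main__":
    for dose in (2.7, 2.5, 0.5):
        print(dose, run(dose))
```

Swapping one faulty version for the spec-exact `reference` still leaves it outvoted 2 to 1, which is why diversity has to extend to shared libraries, runtimes and the interpretation of the specification, not just to coding style.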